Posted 10 July 2012 - 12:36 AM
I have a peculiar situation with an XP SP3 computer, and it is difficult to ascertain the true status of the machine.
The customer claims that they were greeted with a notification about a virus, so they promptly ran a full scan with Lavasoft Ad-Aware. After this was completed, numerous seemingly valid EXE files were relocated to quarantine.
Most of them were tagged with - LooksLike.Win32.InfectedFile!A (v)
Many of them were EXEs from commercial/vertical software programs that had been installed for years. Since it seemed highly unlikely that all these objects were truly infected, I restored them all.
The machine is running OK. There are some quirks and performance issues, but nothing very ominous.
I have since installed and run Malwarebytes, and it found a couple of believable threats that were removed.
I then ran a Kaspersky and Avira scan on the machine. Both of these found multiple infected EXE files again. So I submitted a handful of these to VirusTotal, and the results were all over the map. Many files were found clean, but others got several hits (New WIN32, W32/Pift, Virus.Win32.Suspic.gen). One of these hits was a component of the freshly installed Malwarebytes program (mabamgui.exe).
Not to be deterred, I just downloaded and ran the ESET online scanner. And... it found NOTHING.
What in the world am I supposed to make of this? Is there a reasonably certain way that I can confirm/deny the infection on this box?
I cannot recall when I have seen so much disagreement amongst the major AV vendors for a given machine.
Thanks much in advance for any suggestions/guidance.